Responding to computer security incidents: Guidelines for incident handling

These guidelines do not comprise an exhaustive set of incident handling procedures. A lengthy set of guidelines would be too intimidating to read and to incorporate into site contingency response plans. The discipline of responding to incidents is also very much in its infancy. Because so much is yet to be learned about handling incidents, this version of these guidelines will necessarily lack some degree of sophistication and detail. In addition, it is impossible to specify specific technical procedures for responding to the many types and versions of computer systems within DOE. This guidelines document contains basic information about responding to incidents which can be used, regardless of hardware platform or operating system. For specific technical details necessary to implement many of the recommendations in these guidelines, consult your system administrator or vendor.